<?php
	ob_start();
	$host="localhost"; 
	$username="testing"; 
	$password = "testing";
	$db_name = "inb302";
	$tbl_name="users";// for registed users
	
	//Connect to server and select database
	mysql_connect("$host", "$username", "$password") or die("cannot connect with Database!");
	mysql_select_db("$db_name")or die("cannot select database");
	
	//username and password sent from form
	$myusername = $_POST['username'];
	$mypassword = $_POST['pwd'];
	
	//To protect MySql injection
	$myusername = stripslashes($myusername);
	$mypassword = stripslashes($mypassword);
	$myusername = mysql_real_escape_string($myusername);
	$mypassword = mysql_real_escape_string($mypassword);
	
	$sql="SELECT * FROM $tbl_name where name = '$myusername' and password='$mypassword'";
	$result=mysql_query($sql);
	
	//Counting table row
	$count=mysql_num_rows($result);
	//if result matched $myusername and $mypassword, table row must be 1 row
	if($count==1){
	//Register $myusername, $mypassword and redirect to file "login_success.php"
	session_register("myusername");
	session_register("mypassword:");
	header("location:login_success.php");
	}
	else {
	echo "Wrong username or password";
	}
	ob_end_flush(); //what is this?
	?>
	
	
	
	
	
	
	
	
	